- Clean up the paths for ro.revision and ro.hardware parsing
- Use ro.hardwre in ueventd instead of parsing the kernel command line
(cherry-pick of 38b340a52f8e864650db8bae1eb88d5c00485db0.)
Bug: 19366018
Change-Id: I018a293f3d46e736a8b65132b5b00b0f7c20edae
These were leftovers from the SELinux boolean support that
was originally merged. Since Android prohibits SELinux policy
booleans, we can just drop it.
Change-Id: I02f646a7d8db65e153702205b082b87a73f60d73
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Adding "setenforce 0" to init.rc isn't a supported way to turn off
SELinux, and doesn't work with AOSP SELinux policy. Remove the code
from init.
Change-Id: If8c8149560789c9a7ba518a0a100e6033bb68898
I've been deliberately vague about the name of the readme because I want to
come back and switch to markdown, but that probably won't happen today.
Change-Id: I60651703709bbfd499227f882eb949396e8f4f6c
Add a built-in command for loading verity state. If dm-verity
will be started in logging mode, trigger verity-logging.
Needs changes from
Ibb82953594d234f81ad21c40f524190b88e4ac8f
Change-Id: I5af4918f2f14fdd4d07f51c55837e08111fd3748
- KISS as all options are now passed to adb for better or worse
- runs bootchart and immediately displays the results
Bug: 19485335
Bug: 18390773
Change-Id: Id32930031371d0368e605810f0c998232a1d4f16
bootchart uses a file on the data partition to decide if it should collect
data for bootchart, but the data partition will be mounted by the mount_all
command in the "on fs" section, and it will be only added into the action
queue when command "trigger fs" is executed, but that's after the
bootchart_init action (late_init).
This change makes bootchart_init a builtin command of init,
and make it executed as the first command of "on post-fs" section
which will be triggered after the "on fs" section.
This change also refactors the bootchart code to all be in bootchart.cpp.
Change-Id: Ia74aa34ca5b785f51fcffdd383075a549b2a99d9
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
In the case of do_write (write to generic file) there
is really no relation to the PROP_VALUE_MAX limitation
of system properties. The current value, 92, is not so
much for writing to files so bump it a bit.
Ideally there should not be any low hard limit in this
case. Either expand_props should allocate the output
buffer or take the output fd and to streaming write.
Such a change is rather invasive though and at this
point in time it seems reasonable that one dont want
more than 256 character strings in the init files.
Change-Id: I846a282ae4e747e6171eef38b302b46287951451
This isn't particularly useful in and of itself, but it does introduce the
first (trivial) unit test, improves the documentation (including details
about how to debug init crashes), and made me aware of how unpleasant the
existing parser is.
I also fixed a bug in passing --- unless you thought the "peboot" and "pm"
commands were features...
Bug: 19217569
Change-Id: I6ab76129a543ce3ed3dab52ef2c638009874c3de
Also switch the revision parsing over to sscanf as promised. I haven't
done the hardware parsing because I don't yet know whether we actually need
to keep the space-stripping code.
Change-Id: Ic33378345cd515cb08d00c543acf44eb72673396
A typo in the documentation for one, and a couple of signed/unsigned warnings
in the implementation of the other.
Change-Id: I8fb4b7448ac901c543dea7420aabcedf13ec1bd8
"&&" operator can now be used to test the validity
of two of more properties.
For example:
on property:test.a=1 && property:test.b=1
setprop test.c 1
The above stub sets the test.c to 1 only when
both test.a=1 and test.b=1
(cherry-pick of 162f7d797c67019a7a3f08c3b0f0ffc91d548ddc.)
Change-Id: I72c19f7aa92231372a416193618ee6c7fd368141
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
42a9349dc4 modified init's
builtin chmod, chown, and mkdir calls to avoid following
symlinks. This addressed a number of attacks we were seeing
at the time where poorly written init scripts were following
attacker supplied symlinks resulting in rooting vulnerabilities.
To avoid race conditions, the previous implementation only ran
fchown / fchmod on file descriptors opened with open(O_NOFOLLOW).
Unfortunately, unlike the normal "chown" or "chmod" calls, this
requires read or write access to the underlying file. This
isn't ideal, as opening some files may have side effects, or
init may not have permission to open certain files (such as when
SELinux is enabled).
Instead of using open(O_NOFOLLOW) + fchown(), use lchown() instead.
As before, the target of the symlink won't be modified by chown.
This also supports setting the ownership of symlinks.
Instead of using open(O_NOFOLLOW) + fchmod(), use
fchmodat(AT_SYMLINK_NOFOLLOW) instead. As before, the target of the
symlink won't be modified by chmod.
This change will continue to ensure that chown/chmod/mkdir doesn't
follow symlinks, without requiring init to open every file in
read-only or read-write mode.
This change depends on bionic commit I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
Addresses the following mako/occam SELinux denial:
audit(1422770408.951:6): avc: denied { write } for pid=1 comm="init" name="smd7" dev="tmpfs" ino=7207 scontext=u:r:init:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file
Change-Id: I14fde956784d65c44e7aa91dd7eea9a004df3081
LOCAL_FORCE_STATIC_EXECUTABLE was not working properly for clang
because -Bstatic was ignored by clang. We can now enable clang
for init after the -static flag is added to link static executable
files in build/core/definitions.mk.
BUG: 18008984
Change-Id: I3f361b83c1e0b313914603dff33fd090cd3b116a
For build-system CFLAGS clean-up, fix unused variables.
Use a #define instead of static variable in a header file.
Change-Id: Id47bf38e51644b61a9f3ac1893a16553695f1aac
init doesn't start when built with clang.
Set LOCAL_CLANG:=false until this is analyzed and fixed.
Change-Id: I5a7944aef676ce88defe5c0449e712d9812fb5f3
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
This commit fixes code that incorrectly increments s when it
hits the terminator character of the string being sanitized.
This means it will randomly start trashing memory beyond the
end of the string being sanitized until it happens to hit two
NULs (\0\0) which will break it out of the loop.
Change-Id: I76553d7f183236a78a0bc7b408e92559b98f732f
waitpid breaks whenever child status signals. Need to loop, continuing
on errno EINTR
Bug: 17515976
Change-Id: Ibb29056a38b3c90dc7904de8c6aedb5a362e511d
We originally included a warning to not invoke restorecon_recursive
with a path leading to a shell-writable or app-writable directory
due to concerns about the potential for mischief with symlinks during
the restorecon_recursive. However, this warning was never necessary for
calling restorecon_recursive during system initialization before an adb
shell or app can run, and we have further prohibited init from
reading/following symlinks that can be created by shell or apps in
policy, so this warning is superfluous. It also contradicts current
usage of restorecon_recursive in rootdir/init.rc, since it is called
there on /data.
Change-Id: I28a635e0b5991ced8adcef93e7a04f9d9e5634fd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Need to not set this property) during mount, since it can't
be changed later (ro property)
Also no reason to start class main on encryption cycle - we'll
show surfaceflinger, which is enough UI for this short cycle.
Bug: 17041092
Change-Id: Ica5339c54e45716d0fe20e23c0ab857f388d23ed
Make sure to call _exit instead of exit to avoid triggering exit
handlers that may have existed in the parent process.
Print out a log message when forking to process firmware events fails.
Change-Id: I2436bdf85d9a8ea26b718e62023f1dac89864667
Ideally bootchart collects system data every BOOTCHART_POLLING_MS ms.
However, the current bootchart pacing logic would collect data every
time the main loop in init.c is executed. This results in:
1. Multiple data samples being taken consecutively or prematurely. In
many cases, these data samples have the same timestamp (in jiffies).
The off-line data processing tool would complain about dividing by
zero "interval" and bail out.
2. Because of the ineffective pacing, bootchart data collection would
terminate prematurely. The total duration of data collection is usually
much shorter than what the user specifies.
The fix is to check whether BOOTCHART_POLLING_MS ms has elapsed
before taking a new data sample. For this purpose, /proc/uptime
is used to get the time values, consistent with the precision of
bootchart timestamps.
Change-Id: I106bf91dbda01059b719df6c73b8bd1cd54a64f0
Signed-off-by: Bo (Andover) Zhang <zhang@broadcom.com>
Move the unlink out of init.c and into init.rc, so that the file
will be removed after all the filesystems with firmware are up.
Change-Id: Ifdd5dd1e95d7e064dde5c80b70198882d949a710
Move the unlink out of init.c and into init.rc, so that the file
will be removed after all the filesystems with firmware are up.
Change-Id: I7442df2042cc2788d0301f00e3c2fba7d6e0e1c7
The init process allows environment variables to be specified in
the rc script globally, via 'export', and for a specific process,
via the 'setenv' option.
However, the mechanism for assembling the environment simply
appended the new variable without checking whether it was already
defined, so it was not possible to overwrite an existing entry.
This patch fixes that behaviour.
Limitations and concerns:
The limit of a maximum number of 31 variables is unchanged.
Currently, most callers of "add_environment" do not check the return
value, but the function now logs the failure rather than failing
silently.
Change-Id: Ie9a68c37a0f55c5b40e904e695cd35514f67f480
Currently, the fixup code in fixup_sys_perms() scans through all
entries in uevent*.rc. If it finds a match, then it performs a fixup.
If there's no match in that file, no fixup is performed.
SELinux file labels are independently stored in /file_contexts,
with no relationship to the files in /ueventd.rc. Even when no
entries exist in ueventd.rc, we still want to fixup the SELinux
file label in /sys when a uevent message occurs.
Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
If the encryptable partition is wiped (4KB worth of 0 or 0xff),
then reboot into recovery to format /data+/cache
This is while waiting for the Mac OS support to format f2fs.
The flashstation running on Mac OS will currently just erase userdata
and not format it with f2fs.
Bug: 15720406
Bug: 15747366
Change-Id: Ib7cca3e1701483a09573457a835750f34da71ee0
Move the code that attempts to mount alternative fstab entries
into its own function.
Clarify return codes.
Suggest wipe via recovery in error messages.
Bug: 15747366
Change-Id: I3634477cd4d1d73f974f3e906c53285f0d9e0eac
Signed-off-by: JP Abgrall <jpa@google.com>
+ Add a new property, sys.init_log_level, which can be set after init
bootstrap. This will control the level at which init does prints to klog.
Change-Id: Ia15b2110157b5e6b713785ece9b0fb94889be6c8
+ Make prints of rc commands significantly more verbose. All commands
will log all arguments, file/line number of the command, return value,
and parent action which triggered the command.
init: command 'mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000' action=init
status=0 (/init.rc:89)
init: command 'setprop net.tcp.default_init_rwnd 60' action=boot status=0
(/init.rc:403)
Change-Id: I5498c7258e4891706be4a12546df4231d14d86c4
We already do this for init, but had failed to do it for ueventd
and could not capture any logging from libselinux calls made by
ueventd.
Truly enabling non-error logging also requires uncommenting a line
in Android.mk:
LOCAL_CFLAGS += -DLOG_UEVENTS=1
which enables other logging and sets the default log level to INFO,
or otherwise changing the klog level in the ueventd code (is not
settable by init.rc loglevel).
Change-Id: I00e6f9d6271f2a21d9078c96368816d74d6d2850
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add the ability to boot up directly from charger mode, instead of forcing
charger mode to initiate a full restart to launch 'full' android. This
should shave a few seconds off of boot time on supported devices (just
manta for now).
Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
